Managing Linux Using Puppet

Running Puppet Automatically

Running Puppet each time you want to make a change doesn't work well
beyond a handful of machines. To solve this, you can have each machine
automatically check git for changes and then run puppet apply
(you can do this only if git has changed, but that is optional).

Next, you will define a file called puppetApply.sh that does what you want and
then set up a cron job to call it every ten minutes. This is done in a
new module called puppet_apply in three steps:

1. Create your puppetApply.sh template in
   modules/puppet_apply/files/puppetApply.sh as per Listing 12.
2. Create the puppetApply.sh file and set up the crontab entry as shown in
   Listing 13.
3. Use your puppet_apply module from your node in puppet-test.pp as per
   Listing 14.

Listing 14. /manifests/puppet-test.pp

You will need to ensure that the server has read access to the git
repository. You can do this using an SSH key distributed via Puppet and an
IdentityFile entry in /root/.ssh/config.

If you apply changes now, you should see that there is an entry in root's
crontab, and every ten minutes puppetApply.sh should run. Now you
simply can commit your changes to git, and within ten minutes, they will be
rolled out.
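
One way to write the puppetApply.sh described above, as an added example and not the article's Listing 12: it runs puppet apply only when the remote has new commits and refuses anything that is not a fast-forward. The repository path /etc/puppet, the remote name origin, the branch master, the install path in the cron comment and the --run argument are assumptions.

```shell
#!/bin/sh
# Added example of puppetApply.sh; not the article's Listing 12.
# Assumed values: repository path, remote "origin", branch "master".
REPO_DIR="${REPO_DIR:-/etc/puppet}"
BRANCH="${BRANCH:-master}"
MANIFEST="${MANIFEST:-manifests/puppet-test.pp}"

# Exit status: 0 = origin differs from the checkout, 1 = nothing new,
# 2 = git failed (network, SSH key, missing branch).
repo_changed() {
    git -C "$REPO_DIR" fetch --quiet origin || return 2
    local_rev=$(git -C "$REPO_DIR" rev-parse HEAD) || return 2
    remote_rev=$(git -C "$REPO_DIR" rev-parse "origin/$BRANCH") || return 2
    [ "$local_rev" != "$remote_rev" ]
}

# Prints one status word; returns non-zero only when something failed.
apply_if_changed() {
    if repo_changed; then
        :
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then echo "unchanged"; return 0; fi
        echo "git-error"; return 1
    fi
    # Fast-forward only: a rewritten or diverged history stops the run
    # instead of being merged and applied as root.
    if ! git -C "$REPO_DIR" merge --quiet --ff-only "origin/$BRANCH"; then
        echo "not-fast-forward"; return 1
    fi
    if ! puppet apply --modulepath="$REPO_DIR/modules" "$REPO_DIR/$MANIFEST"; then
        echo "apply-failed"; return 1
    fi
    echo "applied"
}

# Cron entry (install path assumed):
#   */10 * * * * /usr/local/bin/puppetApply.sh --run
if [ "${1:-}" = "--run" ]; then
    apply_if_changed
fi
```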

Modifying Config Files

Many times you don't want to replace a config file, but rather ensure
that certain options are set to certain values. For example, I may want
to change the SSH port from the default of 22 to 2022 and disallow
password logins. Rather than manage the entire config file with Puppet,
I can use the augeas resource to set multiple configuration options.

Refer to Listing 15 for some code that can be added to the developer_pc
class you created earlier. The code does three things:

1. Installs openssh-server (not really required, but there for completeness).
2. Ensures that SSH is running as a service.
3. Sets Port 2022 and PasswordAuthentication no in /etc/ssh/sshd_config.

If the file changes, the notify clause causes SSH to
reload the configuration.